Shopify App Issue with Sandbox and Script Execution on Custom Domain

Technical Q&A
,
1

Hi all,

I’m encountering the following error in the browser console:

Blocked script execution in ‘https://ext.greenreceipt.in//…&shop=greenreceipt.myshopify.com&timestamp=1749035574’ because the document’s frame is sandboxed and the ‘allow-scripts’ permission is not set.

This error only occurs when I use my custom domain URL. Everything works perfectly when I run npm run dev which is using Cloudflare.

Even after deploying the app on my Linux server and running the same command (npm run dev), the app works fine with the Cloudflare URL. However, it fails when accessed via my own domain configuration.

I’m using the official Shopify Node.js app template from https://github.com/Shopify/shopify-app-template-node and followed the deployment guide thoroughly.

The app embeds correctly in the Shopify admin dashboard. It also installs and uninstalls without any issue. However:

  • No backend APIs are being triggered.

  • Even the auth.begin function isn’t called during installation.

  • The frontend appears correctly, but no backend interaction happens.

If anyone has faced a similar issue or has insights, please share suggestions on how I can resolve this.

Thanks in advance!

2

Hi,

Hope this will help

  • Check the App URL Settings in Shopify Partner Dashboard
  • Check your Content-Security-Policy Headers
    Code example
res.setHeader(
  "Content-Security-Policy",
  "frame-ancestors https://*.myshopify.com https://admin.shopify.com"
);
  • If applicable Enable Right Permissions
  • Test OAuth Flow Again
  • Deploy Correct Build to Your Server
3

Hi,

Thank you for your response. Could you please mention the exact file and code block where I need to set these headers?
Just to clarify, I’m using the official Shopify Node.js app template from https://github.com/Shopify/shopify-app-template-node, so it would be helpful if your guidance aligns with this structure.